#! /bin/bash

# See the following link for more info:
# http://www.ameir.net/blog/archives/17-LDAP-Authentication-PAMNSS-Using-Debian-or-Ubuntu-Bash-Script-v2.html

# This script will install an LDAP authentication client for 

# Debian-based systems.  It relies on apt-get for package

# installation.  If you are using Ubuntu or Mepis, make sure

# you have the 'universe' repository enabled.  The packages we

# need are in there.

#

# Suppose the script's filename is ldapconf.sh

# If you are running it as a sudo user, type:

# chmod +x ldapconf.sh && sudo ./ldapconf.sh

#

# If you are root, run it as:

# chmod +x ldapconf.sh && ./ldapconf.sh

#

# Feel free to modify and distribute this file freely, so long

# as you leave the author's name and URL intact.

#

# © Ameir Abdeldayem

# http://www.ameir.net

# Last modified: September 1, 2006

#---------------------------------------------------------------#





# Timestamp (month-day-year-HH:MM:SS) appended to the name of every backup
# file this script creates, so repeated runs do not overwrite older backups.
DATE=$(date +'%m-%d-%Y-%T')



# check if root, else run as sudo user

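# Print the prefix needed to run a privileged command.
# Outputs: nothing when already running as uid 0, otherwise "sudo " (with the
#          trailing space), so callers can write $(root) in front of a command
#          or embed it in a message such as '$(root)reboot'.
function root
{
  # Compare the numeric uid instead of the account name: privilege is tied to
  # uid 0, and the substitution is quoted so an empty result cannot break the
  # test expression.
  if [ "$(id -u)" -eq 0 ]
  then
    return 0
  fi
  printf 'sudo '
}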



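# Install the LDAP client packages first. If this fails, stop here: rewriting
# the PAM stacks to reference pam_ldap.so without the module installed can
# leave the machine with no working login path.
# NOTE(review): this script does not set any transport security for the LDAP
# connection; confirm that the client configuration created by these packages
# uses TLS before relying on it for authentication.
$(root) apt-get install libpam-ldap libnss-ldap ldap-utils nscd || {
  echo "Package installation failed; PAM and NSS configuration left untouched." >&2
  exit 1
}

# Back up one PAM stack file and replace its content.
# Arguments: $1 - file name under /etc/pam.d
#            remaining arguments - one PAM rule per argument
# Returns:   non-zero if the backup or the write fails
replace_pam_file()
{
  local target="/etc/pam.d/$1"
  shift
  # Copy instead of move, so the stack file never disappears from /etc/pam.d
  # if a later step fails.
  $(root) cp -p "$target" "$target.$DATE.bak" || return 1
  # The write goes through tee because a plain '>>' redirection is opened by
  # the calling shell, not by sudo, and is refused for a non-root caller.
  printf '%s\n' "$@" | $(root) tee "$target" > /dev/null
}

echo "Backing up and modifying files in pam.d/ ..."

# pam_ldap.so is 'sufficient' and listed first, so a successful LDAP result
# ends each stack without consulting pam_unix.so.
replace_pam_file common-account \
  "account sufficient pam_ldap.so" \
  "account required pam_unix.so try_first_pass" \
  || { echo "Could not update /etc/pam.d/common-account; aborting." >&2; exit 1; }

replace_pam_file common-auth \
  "auth sufficient pam_ldap.so" \
  "auth required pam_unix.so try_first_pass" \
  || { echo "Could not update /etc/pam.d/common-auth; aborting." >&2; exit 1; }

# NOTE(review): the pam_unix options below are written exactly as in the
# original script, but they are weak by current standards: 'nullok' accepts
# accounts with an empty password, 'md5' selects MD5-crypt password hashes,
# and 'min=4 max=8' appear to bound password length to a very short range.
# Review them against your password policy before deploying.
replace_pam_file common-password \
  "password sufficient pam_ldap.so" \
  "password required pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass" \
  || { echo "Could not update /etc/pam.d/common-password; aborting." >&2; exit 1; }

# changes in common-session shouldn't be needed, but if so uncomment and (re)run
# replace_pam_file common-session \
#   "session sufficient pam_ldap.so" \
#   "session required pam_unix.so"

# Two backups of nsswitch.conf: a timestamped one that is kept, and the fixed
# name that sed reads from below.
$(root) cp /etc/nsswitch.conf "/etc/nsswitch.conf.$DATE.bak" \
  && $(root) cp /etc/nsswitch.conf /etc/nsswitch.conf.bak \
  || { echo "Could not back up /etc/nsswitch.conf; aborting." >&2; exit 1; }

echo "Editing your nsswitch.conf file..."

# NOTE(review): 'ldap files' puts LDAP ahead of the local files for every
# database that used 'compat', so a directory entry that reuses a local
# account name is resolved before the local one. 'files ldap' is the more
# conservative order; the original order is kept here.
# The output is written with tee for the same reason as in replace_pam_file.
$(root) sed -e 's/compat/ldap files/g' /etc/nsswitch.conf.bak \
  | $(root) tee /etc/nsswitch.conf > /dev/null \
  || { echo "Could not write /etc/nsswitch.conf; aborting." >&2; exit 1; }

echo -e "Finished installing packages and modifying configuration files! \n"

echo -e "NOTES:\nYou may need to restart your computer before changes take effect."
echo "You can restart your computer by typing '$(root)reboot' in this very same window."
echo "If you are trying to login as a user that is local AND in LDAP and are getting \
 permission errors, type (write this down) '$(root)nscd --invalidate=passwd' in a terminal."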

